
50% of Organizations Lack Proper Management of Long-Lived Cloud Credentials


Datadog's recent State of Cloud Security 2024 report revealed that nearly half of organizations, about 46%, have unmanaged users with long-lived credentials in cloud services. Long-lived credentials are authentication tokens or keys that remain valid for an extended period, making them a prime target for attackers seeking to compromise data.

With these credentials, attackers can gain persistent access to cloud services, potentially putting sensitive information at risk. The report highlighted that long-lived credentials are prevalent across major cloud service providers such as Google Cloud, Amazon Web Services (AWS), and Microsoft Entra.

Furthermore, the study found that many of these credentials are not only old but also unused. Approximately 60% of Google Cloud service accounts, 60% of AWS Identity and Access Management (IAM) users, and 46% of Microsoft Entra ID applications have access keys older than one year. These outdated credentials present a significant security risk for organizations.

Andrew Krug, Head of Security Advocacy at Datadog, emphasized the importance of organizations having a strategy to mitigate the risks associated with long-lived credentials. He pointed to the need for modern authentication mechanisms, short-lived credentials, and active monitoring of changes to the APIs that attackers commonly exploit, in order to protect against cloud security incidents.

In addition to the risks posed by long-lived credentials, the report also highlighted the prevalence of risky cloud permissions among organizations. Approximately 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions to a project, increasing the likelihood of damaging breaches if compromised.

Moreover, 10% of third-party integrations were found to have risky cloud permissions that could allow vendors to access all data in the account or potentially take over the entire account. The report also identified that 2% of third-party integration roles do not enforce the use of External IDs, leaving them vulnerable to “confused deputy” attacks where a less privileged entity can coerce a more privileged entity to perform actions on its behalf.
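One way to audit for the External ID gap described above, as an added example that is not taken from the report or from Datadog: the function below scans IAM role trust policies and lists roles that an outside AWS account can assume without an `sts:ExternalId` condition. The role names, account IDs and helper names are constructed for illustration, and it assumes only a `StringEquals` condition counts as enforcement.

```python
import re

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}  # IAM action names are case-insensitive

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the account ID of an AWS principal, '*' for a wildcard, else None."""
    if principal == "*" or re.fullmatch(r"\d{12}", principal):
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 and parts[0] == "arn" else None

def _requires_external_id(stmt):
    """Assumption: only a StringEquals condition on sts:ExternalId counts as enforcement."""
    equals = stmt.get("Condition", {}).get("StringEquals", {})
    return any(key.lower() == "sts:externalid" for key in equals)

def roles_missing_external_id(roles, own_accounts):
    """Return (role name, external account) pairs assumable without an External ID."""
    findings = []
    for name, trust_policy in roles.items():
        for stmt in _as_list(trust_policy.get("Statement", [])):
            actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
            if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
                continue
            if _requires_external_id(stmt):
                continue
            principal = stmt.get("Principal", {})
            aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
            for account in map(_account_of, aws):
                if account and account not in own_accounts:
                    findings.append((name, account))
    return findings

def _trust(principal, condition=None):
    """Build a constructed single-statement trust policy for the samples below."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

SAMPLE_ROLES = {  # constructed; account IDs are placeholders
    "vendor-a": _trust("arn:aws:iam::111122223333:root",
                       {"StringEquals": {"sts:ExternalId": "constructed-example-id"}}),
    "vendor-b": _trust("arn:aws:iam::444455556666:root"),
    "internal-ci": _trust("arn:aws:iam::999988887777:role/ci"),
}
```

Passing the organization's own account IDs as `own_accounts` keeps internal cross-account roles out of the findings, so the result lists only third-party trust relationships.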

Despite these concerning findings, there has been an increase in the adoption of cloud guardrails over the past year. For instance, 79% of S3 buckets are now covered by an account-wide or bucket-specific S3 Public Access Block, up from 73% in 2023. This trend is attributed to cloud providers enabling guardrails by default, signaling a positive step towards enhancing cloud security practices.

Overall, the report underscored the importance for organizations to prioritize the management of long-lived credentials, implement strong authentication measures, and regularly review and update permissions to mitigate risks associated with cloud security breaches. By proactively addressing these vulnerabilities, organizations can enhance their overall cybersecurity posture and protect against potential threats in the cloud environment.
